Device management

The features in this guide describe device management capabilities you can implement in your device policy controller (DPC) app. Some of the feature documentation contains code samples. You can also use the Test DPC app as a source of sample code for Android's enterprise features.

A DPC app can run in profile owner mode in BYOD deployments or in device owner mode in corp-liable deployments. This table indicates which features are available when the DPC runs in profile owner mode or device owner mode.

Feature Profile owner Device owner
Create a custom lock screen message
Disable data roaming
Give users a customized message if a setting is blocked
Lock down the wallpaper
Lock down a customer user icon
Remotely monitor device health and status
Remotely reboot an Android device

Create a custom lock screen message

Running in device owner mode, a DPC can create a custom lock screen message on their users’ devices using the setDeviceOwnerLockScreenInfo method. This message displays on the device screen when locked, and is useful for a lost or stolen device. A common message is “This phone belongs to <company name>, call <phone number> if found.”

Disable data roaming

Data roaming can cause significant charges on mobile carrier bills. To help streamline those costs, a DPC running in device owner mode can disable data roaming by setting the DISALLOW_DATA ROAMING restriction. Once the user restriction is set by the DPC, a user can’t change data roaming via Settings on their device.

Give users a customized message if a setting is blocked

When a user clicks a setting or feature blocked by their IT department, the support message gives a brief explanation of why they can’t access the feature.

These messages can be more descriptive than “Action not allowed.” A DPC running in device owner or profile owner mode can customize these messages using the DevicePolicyManager setShortSupportMessage() and setLongSupportMessage() methods.

Create support messages

To explain why a setting is restricted, you can use short or long messages:

  • To create a short message, use the setShortSupportMessage() method.

    • The short message is restricted to 200 characters.
    • A common message is "This setting is disabled by your admin. Contact <yourITdepartment@example.com> for support."
  • To create a long message, use the setLongSupportMessage() method. The user can view this message on their device under Settings > Security > Device admins, and then select a specific admin.

If either of these messages needs to be translated, the DeviceAdminReceiver needs to listen to the ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.

Lock down the wallpaper

Organizations such as schools or companies that run Android devices as shared devices can block their users from changing the wallpaper on their device home screen.

To lock down the wallpaper, a DPC running in device owner or profile owner mode can set DISALLOW_SET_WALLPAPER to true. The default for this setting is false.

Lock down a customer user icon

A DPC running in either device owner or profile owner mode can add users and specify an icon for each user. This user icon is only on the device and is separate from the profile icon that appears in other Google properties, such as a Gmail message or Google Plus profile.

A DPC can configure the DISALLOW_SET_USER_ICON to true to restrict a user from changing their icon. The default for this setting is false.

Remotely monitor device health and status

A DPC running in device owner or profile owner mode can monitor unattended devices running in a remote location, such as digital signage displays or kiosks run off of Android devices. To do this, a DPC uses the HardwarePropertiesManager interface to get information about device health, such as GPU temperatures and CPU usage. This is useful to diagnose issues with devices that automatically turn off because of overheating or other issues.

To access the device’s Hardware Property Manager service, use Context.getSystemService() with string Context.HARDWARE_PROPERTIES_SERVICE.

Remotely reboot an Android device

A DPC can remotely reboot Android devices only when it runs in device owner mode. In some cases, devices deployed in public places inside enclosures or as digital signage displays can prevent easy access to the power button. If a device needs to be rebooted, a DPC can do so using the DevicePolicyManager.reboot() method.

A device doesn’t reboot if there’s an ongoing call. The device needs to be in an idle state to reboot. This is to prevent an admin interrupting a user’s phone call with a reboot request. If the device is active, it throws an IllegalStateException until CALL_STATE_IDLE.